Django Custom User Authentication Backend


Introduction


In some Django projects we need to customize user model. We don’t want to go with the Django’s existing user model because we need more fields in user model. Sometimes we want to login user with the unique-id of third party service like Facebook, Twitter and etc.
In this blog I describe how to create custom user model and custom authentication backend to perform such requirements.

Creating Custom User Model

In this example I have created custom user model named as ‘Staff’. I have extended this Staff model with Django’s User model and added more fields in Member which I needed.


from django.contrib.auth.models import User, UserManager
from django.db import models

class Designation(models.Model):
    key = models.CharField(max_length=5)
    name = models.CharField(max_length=32)
    
    def __unicode__(self):
        return str(self.name)

class Staff(User):
    """User with app settings."""
    avatar = models.ImageField(upload_to="static/member_avatar/", blank=True, 
                               null=True)
    designation = models.ForeignKey(Designation)

    # Use StaffManager to get the create_user method, etc.
    objects = StaffManager()

    class Meta(object):
        verbose_name = 'Staff'
        verbose_name_plural = 'Staffs'

Changes Required in Settings File

Then, in settings.py file you have to explicitly mention custom user model and custom authentication backend.


AUTHENTICATION_BACKENDS = ('auth_backends.StaffModelBackend',)

CUSTOM_USER_MODEL = 'app.Staff'


Creating custom authentication backend

Create the custom authentication backend class and in this class we have to change user_class property method to get user instance from our custom model instead of Django’s User model. We have mentioned this class in settings file so that Django will get user instance of our custom model using this class (instead of Django’s User model).

from django.conf import settings
from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import ImproperlyConfigured
from django.db.models import get_model

class StaffModelBackend(ModelBackend):
    def authenticate(self, username=None, password=None):
        try:
            user = self.user_class.objects.get(username=username)
            if user.check_password(password):
                return user
        except self.user_class.DoesNotExist:
            return None

    def get_user(self, user_id):
        try:
            return self.user_class.objects.get(pk=user_id)
        except self.user_class.DoesNotExist:
            return None

    @property
    def user_class(self):
        if not hasattr(self, '_user_class'):
            self._user_class = get_model(*settings.CUSTOM_USER_MODEL.split('.', 2))
            if not self._user_class:
                raise ImproperlyConfigured('Could not get custom user model')
        return self._user_class


Admin interface to add/edit custom User

You can also make a admin interface of your custom user model (i.e Staff). In below example, I have created StaffAdmin class which is used by Django’s admin to create/modify an instance of custom user model. In this class I have changed the fieldsets to create and modify forms.

from django.contrib import admin
from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.forms import UserChangeForm, UserCreationForm
from django.utils.translation import ugettext_lazy as _

from app.models import Staff

class StaffChangeForm(UserChangeForm):
    class Meta(UserChangeForm.Meta):
        model = Staff
       
class StaffCreationForm(UserCreationForm):
    class Meta(UserCreationForm.Meta):
        model = Staff

class StaffAdmin(UserAdmin):
    form = StaffChangeForm
    add_form = StaffCreationForm
   
    fieldsets = (
        (None, {'fields': ('username', 'password')}),
        (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
        (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
                                       'user_permissions')}),
        (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
        (None, {'fields': ('designation', 'avatar')}),
    )
    add_fieldsets = UserAdmin.add_fieldsets + (
        (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
        (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
                                       'user_permissions')}),
        (None, {'fields': ('designation')}),
    )

admin.site.register(Staff, StaffAdmin)

                           

No comments:

Post a Comment